Ram wrote:> What if proc filesystem is removed from the kernel?> > Ability to access some other namespace through the proc filesystem does> not look clean. I think it should be cleanly supported through VFS.

You don't have to use /proc/NNN/root - that's just one convenient wayto do it.

Other ways are

run_in_namespace mount -t bind / /var/namespaces/$NAME

and

clone + open("/") + pass to parent using unix socket

which I think both work already.

> Also cd'ing into a new namespace just allows you to browse through> the other namespace. But it does not effectively change the process's> namespace. Things like mount in the other namespace will be failed> by check_mount() anyway.

That's correct.

> I think, we need sys calls like sys_cdnamespace() which switches to a> new namespace.

Can you give a reason why sys_chdir() shouldn't have that behaviour?

> Effectively the process's current->namespace has to be modified,> for the process to be effectively work in the new namespace.

Or just remove current->namespace. It's entire purpose seems to be toprevent namespaces from being first class objects. The idea of"current namespace" is adequately represented bycurrent->fs->mnt_root->mnt_namespace IMHO.